At a glance: NIST updates its IoT security guidelines SP 800-213 with stronger focus on product systems rather than individual devices and expands requirements based on five years of practical experience.
The National Institute of Standards and Technology (NIST) has released a revised draft of Publication SP 800-213 Revision 1 for public comment. The guidelines define minimum cybersecurity requirements for IoT products in U.S. federal agencies.
NIST released on Wednesday the first public draft of the revised Publication SP 800-213 Revision 1 titled “IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements” for comment. The deadline for public feedback ends on August 24, 2026. The draft is based on the existing publication SP 800-213A, which provides a catalog of technical and non-technical cybersecurity functions for manufacturers and consumers.
A significant conceptual innovation is the shift from the term “IoT devices” to “IoT products.” This distinction aims to clarify to organizations that they must consider all components of an IoT product as well as the overall system in which it is deployed in their risk assessments. NIST justifies this approach by noting that not every IoT product requires all available cybersecurity functions, just as not every IT system in federal agencies uses every control. The adaptation is intended to enable organizations to securely integrate IoT products and meet their security requirements.
The revision was made necessary by technological and operational changes over the past five years. The current draft incorporates lessons from stakeholders and provides, according to NIST, clearer guidance, more relevant content, and better alignment with the current security environment. The institute recommends that organizations in parallel use additional standards: SP 800-30 Revision 1 for risk assessments and SP 800-53 Revision 5 for security and privacy controls.
Source: www.it-daily.net · Published June 25, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.